NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Crypto (Various)> 2000-q4

Subject: Re: The problem with SSH2
From: Carl Ellison (cmeacm.org)
Date: Wed Dec 27 2000 - 21:11:05 CST

Next message: Steve Reid: "Re: The problem with SSH2"
Previous message: Steve Reid: "Re: Coming up with a usable software crypto format - 'Envelope Mail'"
In reply to: Theodore Y. Ts'o: "Re: The problem with SSH2"
Next in thread: Markus Friedl: "Re: The problem with SSH2"
Next in thread: Steve Reid: "Re: The problem with SSH2"
Reply: Carl Ellison: "Re: The problem with SSH2"
Reply: Markus Friedl: "Re: The problem with SSH2"
Reply: Mike Brodhead: "Re: The problem with SSH2"
Reply: Damien Miller: "Re: The problem with SSH2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 05:35 PM 12/27/00 -0500, Theodore Y. Ts'o wrote:
>Well, openssh prints the following:
>
>
> WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
>
>IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>Someone could be eavesdropping on you right now (man-in-the-middle attack)!
>It is also possible that the DSA host key has just been changed.
>Please contact your system administrator.
>Add correct host key in /home/tytso/.ssh/known_hosts2 to get rid of this
>message. Password authentication is disabled to avoid trojan horses.
>Agent forwarding is disabled to avoid trojan horses.
>
>
>If after reading this, the user doesn't get an the idea, that user is an
>idiot.

That's possible. However, if a good mechanism with a well designed human
interface isn't provided for communicating and verifying the hash of the
public key, the "contact your system administrator" command does little
good. So, the sysadmin says that the key was changed. That doesn't mean
that there's no MITM.

The warning message should print out the hash of the public key actually
received and the user should be told to get the sysadmin to read that hash
back to him before accepting the key as valid.

The keygen utility should print that hash. There should also be a utility
to print the hash after key generation, in case the sysadmin forgot to write
down the hash when the key was generated.

- Carl

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBOkqvR3PxfjyW5ytxEQK+1gCg5lXZEEwOsRYFPvcZ5oX+qDdmCAcAoMIM
g+sEonNDFabBP3fOYLN9Kx//
=qV33
-----END PGP SIGNATURE-----

+------------------------------------------------------------------+
|Carl M. Ellison cmeacm.org http://world.std.com/~cme |
| PGP: 08FF BA05 599B 49D2 23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+

Next message: Steve Reid: "Re: The problem with SSH2"
Previous message: Steve Reid: "Re: Coming up with a usable software crypto format - 'Envelope Mail'"
In reply to: Theodore Y. Ts'o: "Re: The problem with SSH2"
Next in thread: Markus Friedl: "Re: The problem with SSH2"
Next in thread: Steve Reid: "Re: The problem with SSH2"
Reply: Carl Ellison: "Re: The problem with SSH2"
Reply: Markus Friedl: "Re: The problem with SSH2"
Reply: Mike Brodhead: "Re: The problem with SSH2"
Reply: Damien Miller: "Re: The problem with SSH2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]